U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,178 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2024-30178

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patrick Posner Simply Static allows Stored XSS.This issue affects Simply Static: from n/a through 3.1.3.

Published: March 27, 2024; 7:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30177

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8.

Published: March 27, 2024; 7:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29936

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4.

Published: March 27, 2024; 7:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29935

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0.

Published: March 27, 2024; 7:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29934

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.25.

Published: March 27, 2024; 7:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29933

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10.

Published: March 27, 2024; 7:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29819

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS.This issue affects WPFront Notification Bar: from n/a through 3.3.2.

Published: March 27, 2024; 7:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25962

Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.

Published: March 27, 2024; 7:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29932

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.

Published: March 27, 2024; 6:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29931

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through 9.0.29.

Published: March 27, 2024; 6:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29930

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.4.

Published: March 27, 2024; 6:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29929

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce allows Stored XSS.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through 6.7.8.

Published: March 27, 2024; 6:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2962

The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus.

Published: March 27, 2024; 5:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2956

The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Published: March 27, 2024; 4:15:41 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2466

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).

Published: March 27, 2024; 4:15:41 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.

Published: March 27, 2024; 4:15:41 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2379

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

Published: March 27, 2024; 4:15:41 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2004

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.

Published: March 27, 2024; 4:15:41 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29928

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS.This issue affects Advanced Sermons: from n/a through 3.1.

Published: March 27, 2024; 4:15:40 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29927

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTheme WishSuite allows Stored XSS.This issue affects WishSuite: from n/a through 1.3.7.

Published: March 27, 2024; 4:15:40 AM -0400
V3.x:(not available)
V2.0:(not available)